How to ensure a user's email is verified before they can sign in - needs feathers-authentication changes
Related to https://github.com/feathersjs/feathers-authentication/issues/391.
Original bug report by @IBwWG
OK, so, as a newcomer, I really am not sure where exactly this issue fits into this repo, but @eddyystop is pretty involved here so I’m taking his word for it. 😃 (Original issue is at https://github.com/eddyystop/feathers-starter-react-redux-login-roles but I’m assured that it’s not about that repo.)
Steps to reproduce
1. `git clone https://github.com/eddyystop/feathers-starter-react-redux-login-roles/`
2. `npm install`
3. `npm start`
4. `curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -H "Cache-Control: no-cache" -H "Postman-Token: 95cf199c-f038-c893-7053-a8a09fbef2ca" -d 'name=i have a name&username=nammmmmmmmmmme&password=what the hey&confirmPassword=what the hey&email=yes@no.why' "http://localhost:3030/users"`
5. `curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -H "Accept: application/json" -H "Cache-Control: no-cache" -H "Postman-Token: 018a022f-bf1b-7e4f-cf11-db40a5fce490" -d 'email=yes@no.why&password=what the hey' "http://localhost:3030/auth/local"`
Expected behavior
Failure, since I never verified with the “e-mailed” token. (i.e. I didn’t use the link that appears in the console at step 4.)
Actual behavior
Success and JWT token given via JSON. If you scrap the Accept header in step 5, you get a similar result served up in HTML.
System configuration
This is happening both on a Windows box and a Linux box I am testing on.
Module versions (especially the part that’s not working):
- feathers-authentication 0.7
- feathers 2.0.3

NodeJS version:
- Windows: node 7.3.0
- Linux: node 6.9.2

Operating System:
- Windows: 7x64sp1
- Linux: Mint 17.3 (32-bit)

Module Loader:
- see https://github.com/eddyystop/feathers-starter-react-redux-login-roles
I think the main issue is around documentation or we should have a hook that someone can use to ensure that an email exists and has been verified. Currently the way I see this working is a hook after `auth.hooks.authenticate` or it is a custom verifier for `feathers-authentication-local` that upon looking up the user by email also ensures that the email has been verified.
Top GitHub Comments
I don’t know if you still need help with this issue but the solution is very simple: add the `isVerified` hook in the before hook of `authentication` service.
Example: (You only need to add two lines to this service)
I believe all the issues here have been addressed. If you have any new comments please make them in authenticate-local-management rewrite.
Full details on the rewrite are posted to https://github.com/feathers-plus/authentication-local-management/blob/master/misc/upgrading.md
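
The check this thread asks for, sketched as a before hook that rejects a login when the user's record is not marked verified. This is an added example, not code from the thread or from any Feathers package; the boolean `isVerified` field, the injected `findUserByEmail` lookup, the `LoginRejected` error and the sample users are assumptions, and the hook is assumed to be registered only on the email/password login.

```javascript
// Added example. Assumed: users carry a boolean `isVerified`; the login payload has `email`.
class LoginRejected extends Error {
  constructor(message) {
    super(message);
    this.name = 'LoginRejected';
    this.code = 403;
  }
}

// Strict comparison: a missing field, the string 'true' or 1 must not count as verified.
function isVerifiedUser(user) {
  return Boolean(user) && user.isVerified === true;
}

// Hook factory; `findUserByEmail` (hypothetical) is injected so the check runs without a database.
function requireVerifiedEmail(findUserByEmail) {
  return async function verifiedEmailHook(context) {
    const email = context.data && context.data.email;
    // Fail closed on a missing or non-string email (e.g. a repeated form field parsed as an array).
    if (typeof email !== 'string') throw new LoginRejected('Email is required');
    const user = await findUserByEmail(email);
    // Unknown address: continue, so the normal invalid-login error is returned.
    if (user && !isVerifiedUser(user)) throw new LoginRejected('Email address is not verified');
    return context;
  };
}

// Constructed sample data: the first account mirrors the report (created, never verified).
const sampleUsers = [
  { email: 'yes@no.why', isVerified: false },
  { email: 'verified@example.test', isVerified: true },
  { email: 'legacy@example.test' } // record without the field
];
const findSampleUser = async (email) => sampleUsers.find((u) => u.email === email) || null;

// Runs the hook on a login payload and reports 'allowed' or the error name.
async function tryLogin(email) {
  try {
    await requireVerifiedEmail(findSampleUser)({ data: { email, password: 'what the hey' } });
    return 'allowed';
  } catch (err) {
    return err.name;
  }
}
```

Following the comment above, the function returned by `requireVerifiedEmail` would be placed in the before hooks of the authentication service, so it runs before any token is issued.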